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CLAIMS 

1 1 . A method of allowing access by a workstation connected to a first network 

2 of a highest security level, to information in a second network of a lower security 

3 level, the method comprising the steps of: 

4 routing connections for input devices for the workstation to a proxy in 

5 the second network; 

6 establishing a remotable session in the second network; 

7 connecting the input devices to the remotable session through the 

8 proxy in the second network so that the input devices are operable to control 

9 applications running in the remotable session; 

10 sending output from the remotable session through the proxy in the 

1 1 second network to a proxy in the first network through a diode that ensures 

12 that information only flows in one direction; and 

13 forwarding the output from the proxy in the first network to a remote 

14 session viewer at the workstation. 



1 2. The method of claim 1 wherein the establishing step includes sending a 

2 login screen and further comprising the step of receiving login information for a user 

3 at the second network. 
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1 3. Apparatus for allowing access by a workstation connected to a first network 

2 of a highest security level, to information in a second network of a lower security 

3 level, the apparatus comprising: 

4 means for routing connections for input devices for the workstation to a 

5 proxy in the second network; 

6 means for establishing a remotable session in the second network; 

7 means for connecting the input devices to the remotable session 

8 through the proxy in the second network so that the input devices are operable 

9 to control applications running in the remotable session; 

1 0 means for sending output from the remotable session through the proxy 

11 in the second network to a proxy in the first network through a diode that en- 

12 sures that information only flows in one direction; and 

13 means for forwarding the output from the proxy in the first network to a 

1 4 remote session viewer at the workstation . 

1 4. A system for selectively allowing access by a workstation connected to a 

2 plurality of networks to information in a network of the highest security level or in a 

3 selected network from one or more other networks of lower security levels, the sys- 

4 tern comprising: 

5 a switching unit for selectively routing connections for input devices to 

6 the workstation or to the selected network; 
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7 a plurality of programmable computer systems disposed in the plurality 

8 of networks, each of the programmable computer systems operable to execute 

9 applications under the control of the workstation; 

1 0 a plurality of diode servers disposed one each in each of the plurality of 

1 1 networks, each diode server in the one or more other networks connected to 

12 the switching unit and at least one programmable computer system and oper- 

13 able as a proxy to connect the switching unit to a remotable session in the se- 

14 lected network, a selected diode server further operable to forward output from 

15 the remotable session to the network of the highest security level for display in 

1 6 a remote session viewer at the workstation; and 

17 one or more diodes disposed one each between a diode server in one 

18 of the one or more other networks and a diode server in the network of the 

19 highest security level so that information can flow only from the selected net- 

20 work to the network of the highest security level. 

1 5. A method of operating a server to proxy access by a workstation connected 

2 to a first network of a highest security level, to information in a second network of a 

3 lower security level, the method comprising the steps of: 

4 establishing a remotable session in the second network; 

5 connecting the input devices to the remotable session through the 

6 server so that the input devices are operable to control applications running in 

7 the remotable session; and 
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8 sending output from the remotable session to the first network through 

9 a diode that ensures that information only flows from the server in the second 
1 0 network to the first network. 

1 6. The method of claim 5 wherein the establishing step includes sending a 

2 login screen and further comprising the step of receiving login information for a user 

3 at the second network. 

1 7. A computer program product for enabling a server to proxy access by a 

2 workstation connected to a first network of a highest security level, to information in a 

3 second network of a lower security level, the computer program product including a 

4 computer program comprising; 

5 instructions for establishing a remotable session in the second network; 

6 instructions for connecting the input devices to the remotable session 

7 through the server so that the input devices are operable to control applica- 

8 tions running in the remotable session; and 

9 instructions for sending output from the remotable session to the first 

10 network through a diode that ensures that information only flows from the 

1 1 server in the second network to the first network. 
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1 8. The computer program product of claim 7 wherein the computer program 

2 further comprises instructions sending a login screen and receiving login information 

3 for a user at the second network. 

1 9. The computer program product of claim 7 wherein the instructions for 

2 sending output further include instructions for software throttling. 

1 10. The computer program product of claim 8 wherein the instructions for 

2 sending output further include instructions for software throttling. 

1 11. Apparatus for granting access by a workstation connected to a first net- 

2 work of a highest security level, to information in a second network of a lower security 

3 level, the apparatus comprising: 



4 means for establishing a remotable session in the second network; 

5 means for connecting the input devices to the remotable session so that 

6 the input devices are operable to control applications running in the remotable 

7 session; and 

8 means for sending output from the remotable session to the first net- 

9 work through a diode that ensures that information only flows from the second 
1 0 network to the first network. 
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1 12. A programmed computer system which is operable to proxy access by a 

2 workstation connected to a first network of a highest security level, to information in a 

3 second network of a lower security level by performing the steps of: 

4 establishing a remotable session in the second network; 

5 connecting the input devices to the remotable session through the 

6 server so that the input devices are operable to control applications running in 

7 the remotable session; and 

8 sending output from the remotable session to the first network through 

9 a diode that ensures that information only flows from the server in the second 
1 0 network to the first network. 

1 13. The computer system of claim 12 which is further operable to apply soft- 

2 ware throttling to the output being sent to the first network. 

1 14. A system for allowing access by a workstation connected to a first network 

2 of a highest security level, to information in a second network of a lower security 

3 level, the system comprising: 

4 a diode handler object for communicating between the system and a 

5 diode that allows information to flow in only one direction; and 
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6 a proxy server object for interconnecting the diode handler object to a 

7 remotable session viewer in the workstation. 

1 15. A system for allowing access by a workstation connected to a first network 

2 of a highest security level, to information in a second network of a lower security 

3 level, the system comprising: 

4 a diode handler object for communicating between the system and a 

5 diode that allows information to flow in only one direction; 

6 a proxy client object for interconnecting the diode handler object to a 

7 remotable session; and 

8 a switch handler object connected to the proxy client object for commu- 

9 nicating between the proxy client object and a switching unit. 

1 16. The system of claim 15 wherein the diode handler object applies software 

2 throttling to the information. 
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